It is very common in networks to have a server provide services to a client. The client, commonly with a user, demands a service from the server, which, usually after verification that the client has the right to access the service, provides the service to the client. Examples of such services are video-on-demand, printing of documents, and unlocking of locked doors.
Unfortunately, there are people, so called “hackers” or “pirates” who try to obtain access to such services without having the right to do so. To this end, they use various techniques to overcome the security solutions in the networks.
One of the solutions that attempt to thwart the efforts of the hackers is mutual authentication, i.e. the client authenticates the server to ensure that it is an authentic server and vice versa. The authentication may be performed using the presentation of a valid or signed identity, the presentation of a username and associated password, or protocols involving symmetric or asymmetric cryptography.
Another solution is to use closed platforms that are difficult to reverse engineer to recover their secrets or to modify their behaviour. This solution, usually used together with other solutions such as authentication, is for example used in game stations (e.g. PlayStation and Xbox), set-top boxes in pay-TV systems, triple-play modems (e.g. Freebox and Livebox) or mobile phones. This is, naturally, quite different from personal computers (PCs) for which it may be argued that their strength comes from the diversity of architectures.
While it is difficult to emulate a closed platform sufficiently to impersonate it towards the server, it has been shown that this is not impossible. The standard solution to this problem is revocation. When the system authority becomes aware that a client has been cracked, the client is put on a revocation list. During authentication, the server first verifies if the client is on the revocation list and, if so, denies service. Within the context of the present application, “emulate a platform” means that the emulating platform purports to use certain hardware, to use a certain operating system, to run certain applications, or a combination thereof. Furthermore, to verify that a client is non-emulated means to verify that it uses certain hardware, uses a certain operating system, runs certain applications, or a combination thereof.
For the revocation to be efficient, the system authority needs to be aware that a device has been cracked. This may take a long time during which the hacker may continue to enjoy the services or, even worse, let others know how to emulate the device so that the services may be used by many people.
It can thus be appreciated that there is a need for a solution that improves upon the current security solutions, making it more difficult for hackers to emulate client devices.
The present invention provides such a solution.